It is known, in the field of computer network environments, to provide data processing capabilities on a distributed basis, in which processing power, data storage facilities, communication mechanisms and various applications are located—and hence provided at—a number of distinct and often disparate physical locations.
As will be understood by those well-versed in the relevant art, an advantage of this distributed approach is that computational and data-handling loads can be shared between a number of entities, often operating in parallel, resulting in an improvement in data processing efficiency, speed of operation and accuracy of results.
In the Internet world, service providers (e.g. Application Service Providers—ASPs) offer access, to individual users and corporate enterprises, to services (e.g. applications) that would otherwise need to be present in their own personal or corporate computer environment. Whilst this offers benefits in that specialised (perhaps rarely-used) applications can be made available to individuals, that would be expensive to install and maintain on a local basis, the distributed approach does give rise to security concerns on the basis that data used by such remote applications and services, for example, can be susceptible to corruption, theft and loss, for example.
As personalised services evidently require sensitive personal data if they are to be able to perform properly, it is important for users and intermediate Solution Providers (in effect, portals linking users to remote ASPs) have trust in the data-processing environments to which the sensitive data is dispatched.
As will be understood, these data-processing environments (known as execution environments) constitute the space where code (and perhaps data) from the service provider is brought together with user-specific data to allow the remote service to be performed. In a distributed arrangement of the type to which this invention relates, this execution environment could be located at a number of different remote locations, such as on a user device, an ASP per se or perhaps even a Grid element, where a Grid computing arrangement is being utilised.
The important point is that neither the end user nor service provider will necessarily be aware of exactly where the data-processing will take place, with the uncertainty giving rise, at least in part, to the trust requirement mentioned above.
Sony International (Europe) GmbH, in their European patent application EP 1067457 A1, address this issue with the use of so-called trust tokens that are awarded to network nodes that meet the trust requirements of a trust centre. In the event that a mobile agent, present on the network, wishes to migrate to a particular network, a simple yes/no check is effected to establish whether or not that node has been awarded a trust token, so that migration of the agent may be restricted to nodes to whom such tokens have been awarded.